Basic
Web exploitation is the process of exploiting vulnerabilities in web-based applications to gain access to sensitive data or control over the app.
According to ctf101.org, web exploitation is the process of exploiting vulnerabilities found in web-based applications or websites to obtain sensitive data or take control of the site. The basics of web exploitation are covered by the OWASP Top 10 (2023), which consists of:
SQL Injection for database attacks
Injection into database queries. #sqli
Cross-Site Scripting (XSS)
Usually JavaScript-based browser attacks launched via infected web pages, leading to session hijacking, cookie theft, or other attacks on users. #xss
Command Injection
Attackers inject malicious commands into system commands executed by the application, potentially gaining control of the server or executing unauthorized operations. #commandinjection
LDAP Injection
Attackers manipulate LDAP queries used for authentication and authorization to gain access. #ldapinjection
XML Injection
Attackers insert malicious content into XML data, potentially disrupting the application's parsing process to gain access. #xmlinjection
Server-Side Template Injection (SSTI)
Attackers inject malicious code into server-side templates to execute code on the server. #ssti